04-09-2012, 01:54 PM
A HARDWARE IMPLEMENTATION OF THE ADVANCED ENCRYPTION STANDARD (AES) ALGORITHM USING SYSTEMVERILOG
Abstract
The increasing need for protecting data communication in computer networks has
led to the development of several cryptography algorithms. The Advanced Encryption
Standard (AES) is a computer security standard issued by the National Institute of
Standards and Technology (NIST) intended for protecting electronic data. Its
specification is defined in Federal Information Processing Standards (FIPS) Publication
197. The AES cryptography algorithm can be used to encrypt/decrypt blocks of 128 bits
and is capable of using cipher keys that are 128, 196 or 256 bits wide (AES128, AES196, and
AES256).
The Advanced Encryption Standard can be implemented in either software or
hardware. Hardware acceleration is the use of hardware to perform a task more
efficiently than is possible in software. In order to achieve higher performance in today’s
heavily loaded communication networks, utilization of hardware accelerators for
cryptography algorithms is more efficient.
INTRODUCTION
In today’s digital world, encryption is emerging as an inseparable part of all
communication networks and information processing systems, for protecting both stored
and in-transit data. Encryption is the transformation of plain data (known as plaintext)
into unintelligible data (known as ciphertext) through an algorithm referred to as a cipher.
There are numerous encryption algorithms that are now commonly used in computation,
but the U.S. government has adopted the Advanced Encryption Standard (AES) to be
used by Federal departments and agencies for protecting sensitive information. The
National Institute of Standards and Technology (NIST) has published the specifications
of this encryption standard in the Federal Information Processing Standards (FIPS)
Publication 197. [1]
Any conventional symmetric cipher, such as AES, requires a single key for both
encryption and decryption, which is independent of the plaintext and the cipher itself. It
should be impractical to retrieve the plaintext solely based on the ciphertext and the
encryption algorithm, without knowing the encryption key. Thus, the secrecy of the
encryption key is of high importance in symmetric ciphers such as AES. Software
implementation of encryption algorithms does not provide ultimate secrecy of the key
since the operating system, on which the encryption software runs, is always vulnerable
to attacks.
Cipher Transformations
The AES cipher operates either on individual bytes of the State or on an entire
row/column. At the start of the cipher, the input is copied into the State as described in
Section 2.2. Then, an initial Round Key addition is performed on the State. Round keys
are derived from the cipher key using the Key Expansion routine. The key expansion
routine generates a series of round keys for each round of transformations that are
performed on the State.
The transformations performed on the state are similar among all AES versions
but the number of transformation rounds depends on the cipher key length. The final
round in all AES versions differs slightly from the first Nr − 1 rounds as it has one fewer
transformation performed on the State.
AES128 DESIGN AND IMPLEMENTATION
Overview
In this chapter, a hardware model for implementing the AES128 algorithm is
introduced. The model is implemented using the SystemVerilog hardware description
language [5]. This chapter covers the design and implementation issues of the AES128
algorithm. In the next chapter, a test infrastructure is presented that thoroughly tests the
functionality of the implemented model. The hardware model developed in this chapter
is synthesizable. This means that the model provides a cycle-by-cycle RTL description
of the circuit that a logic synthesis tool can convert to an optimized gate-level netlist. [3]
The modeling process utilized in this project is the bottom-up approach. This
means that the leaf components in the design hierarchy were developed first and the
higher-level modules were constructed by instantiating their subcomponents and
connecting them with the internal signals. All the modules in the design hierarchy were
modeled in behavioral style, but the root module consisted of data flow modeling as well
to implement the four major cipher transformations.
AES128_Interface
As designs are becoming more complex, the number of module ports and the
complexity of the interconnections between the modules are also increasing. The
SystemVerilog Interface construct is the solution for properly connecting the modules as
it provides an intelligent means of communication between several modules.
The Interface bundles the ports together and enforces synchronization between the
modules connected through it. The Interface can provide connectivity between design
modules and/or testbench. The modport construct is used in an Interface to specify the
direction of signals that are bundled together and to group the signals that are
synchronous to a specific clock. In this project, the SystemVerilog Interface was only
used to connect the high-level design with the testbench as shown in Figure 14. As a
result, there were two modports declared for the Interface in this project.